GitOps Sync¶

Deployment source control and syncing with Gitops

Seldon Enterprise Platform can recognise that certain namespaces are to be maintained using GitOps. It will look for the label seldon.gitops: enabled.

If the seldon.gitops label is not present or is disabled then new deployments and modifications in the namespace will be pushed directly to the Kubernetes cluster.

If the seldon.gitops label is present then Enterprise Platform will look for an annotation named git-repo with a git URI. It uses a service account token for accessing the repo which is stored in a Secret installed with Seldon Enterprise Platform using the Helm chart (along with username and email). Enterprise Platform will add metadata to any commits it makes, including recording which dex user took the action.

Important

Always manage resources in GitOps namespaces via Enterprise Platform–the UI or API–or through the corresponding git repository.

For GitOps namespaces, Seldon Enterprise Platform is only aware of resources defined in the corresponding git repository, but not any created manually in the namespace. As a result, any resources created in a GitOps namespace with kubectl, for example, will be ignored by Enterprise Platform.

Seldon Enterprise Platform can display an Audit Log for each deployment where it reads back git commits and makes the changes and metadata visible:

deployauditlog

If the user is permitted then the state can also be restored to a previous commit.

See the relevant Architecture section for more on how GitOps works.